Planning Reports for Journal Entry Testing

The first report was described in Chapter 13, which was a summary of the trial balance by the source of the entry and the debits and credits, which form the account balance. This report is very useful in targeting accounts that are composed solely of journal entries. The report will also allow the auditor to ensure the completeness of the population because the accounts totals produced from the report will need to be reconciled or matched to the general ledger produced from the company's automated system.

The second report is a summary of journal entry activity by individual. The summary should focus on:

• Aggregate dollar value of journal entries and frequency of journal entries. The FDA should use the value of the debits or credits.
• Stratify dollar value of journal entries by control levels and provide frequency of journal entries.
• Stratify journal entries before year‐end and after year‐end.

The third report is a summary of journal entries by type of journal entry. The type field is dependent on the codes used by the company. The first report should be a summary by type, providing the aggregate dollar value, frequency of posting, maximum dollar, minimum dollar, and the average dollar. Based on the company, the report could be summarized by:

• Company
• Account
• Individual

The remaining reports should be designed for the concept of data availability, reliability, and usability:

• Test for gaps in the journal entry numbers.
• Test for duplicate journal entry numbers. Remember, duplicates can be masked by alpha or special symbols. The cleaning process cleans the journal entry numbers of alpha and special symbols and records the cleansed number in a virtual field for duplicate testing.
• Test for journal entry numbers that have no numeric integers. Be careful, a simple test for blanks would not reveal a dash.
• Test for off‐period journal entries.

What Are the Overall Strategies for General Journal Entry Fraud Data Analytics?

The following fraud data analytics approaches are designed to locate a fraud scenario recorded through a general journal entry:

• The defined anomaly attribute of the journal entry using the scoring sheet concept.
• The use of disaggregated analysis on general ledger accounts and subledgers to identify which journal entry or entries would have a material impact on the general ledger account.
• The historical approach, using the red flags from previously reported fraud schemes in other companies.
• The absence of a journal entry, when a journal entry should be recorded.
• The timing of the journal entry.
• The alpha description explaining the purpose of the journal entry.
• The why question.

Approach One: What Is an Anomaly General Journal Entry Using the Scoring Sheet Concept?

The simple answer is that the journal entry is an extreme deviation from the standard journal entry. The answer is perfectly accurate but perfectly useless. By the way, that is a variation of an old accounting joke. The question, however, is a critical question in the development of a data interrogation plan. The answer to the question starts with the fraud scenario; the remaining parts of the answer are: the financial account; materiality; the general anomalies; and the company‐specific anomalies. The sample selection is then based on a composite score of the journal entry.

The scoring sheet concept was first introduced in Chapter 6 and referred to in many chapters. The concept is simple: The auditor identifies a series of attributes, assigns a risk rating to the attribute (1, 2, or 3), and then calculates a score for each journal entry within the analysis. The sample selection is based on the journal entries with the highest score.

The system works best on a specific account or combination of accounts. The system starts with the fraud scenarios. The next considerations are the direction of testing, materiality, general attributes of journal entries, and at least one company‐specific consideration. The direction of testing and materiality are a requirement of the scoring sheet. It is recommended that at least three common or company‐specific attributes are used to minimize false positives. However, in reality, the fraud auditor needs to exercise judgment on the number of attributes to use:

• The first attribute should be the materiality concept. If the entry is not material individually or in the aggregate, then the journal entry most likely will not have a material impact on the financial account.
• The materiality concept should be consistent with the direction of testing for overstatement or understatement.
• General journal entry that the debits exceed a predetermined dollar amount is searching for one journal entry that has a material effect on the financial account.
• General journal entries that have a high frequency of occurrence and a material dollar value in the aggregate is searching for journal entries that appear to be circumventing the intent of the internal control process and would have a material effect on the financial account.
• The second attribute should be a specific account or the class of accounts. Remember the definition of an anomaly and the concept of shrinking the haystack. To some degree, the first and second attributes are a lot like the question, Which comes first, the chicken or the egg?
• The third attribute is the general attributes of the financial reporting process. The following are intended to be examples of general attributes that would cause a journal entry to be selected.
  • General journal entries to control accounts such as cash, accounts receivable, or accounts payable is searching for journal entries that should not occur.
  • General journal entries that shift transactions to another section of the financial statement. Examples are debit‐capitalized advertising expenses and credit operating expenses. While the entry may be correcting a posting error, the entry moved a transaction from the income statement to balance sheet, which effectively increased operating income.
  • General journal entries where the debit or credit side of the journal entry is illogical, such as debit equipment and credit accrued revenue.
  • General journal entries transferring transactions from one company to another company.
  • General journal entries that occur at off‐period times. Off‐period needs to be defined by off‐period for your company versus a generic standard. The fraud data analysis links to the internal control avoidance strategy.
  • General journal entries that are posted after all source journal entries are posted are searching on the timing of the entry.
  • General journal entries originated or approved by senior financial management includes entries searching for management override or using the auditor's historical knowledge of prior financial frauds.
  • General journal entries where the journal number has a number, special symbol, or alpha characters that are not consistent with normal journal number identification is searching for entries that have been tagged in a unique manner.
  • General journal entries are round numbers or recurring numbers to the same general ledger account. The fraud data analysis links to the number anomaly strategy.
  • General journal entries where the description contains words consistent with the concept of recording bogus entries.
• The company‐specific journal entries are determined by the fraud auditor's understanding of the company's financial reporting process and internal controls for general journal entries.

Approach Two: Disaggregated Analysis of General Ledger Account Balance

Every financial statement has key operating statistics, by which investors or bankers evaluate the financial soundness of the company. Each operating statistic links to a general ledger account. The first step is to understand which accounts are most likely to be misstated. The second step is to understand the accounting policies and GAAP surrounding those accounts. The disaggregated approach is not intended for every general ledger account, but rather the key general ledger account or accounts that are comprised of a subledger by design, such as accounts receivable. The planning report for the trial balance is the first disaggregated report.

Many journal entries look like any other journal entry on face value—there are debits and credits. They tend to be large numbers that post to a general ledger control account. Behind that control number is a subledger that typically comprises many subaccounts. Those subaccounts comprise transactions from a source journal and transactions from journal entries. The disaggregated approach is to dissect the general ledger account into its smallest component. In this way, the large journal entry with a large number becomes a smaller journal entry with a lot of small numbers posted to individual accounts. The analysis uses summary features by both dollar and record count, using the subledger impact versus the control account impact.

The sample selection can be either solely on materiality or based on data interpretation using the red flag concept.

Approach Three: Historical Red Flag of Fraudulent Journal Entries

The fraud data analytics approach is based on the study of previous financial statement frauds. The knowledge is invaluable for the fraud auditor in both the internal control testing and the substantive testing performed by the auditor.

In internal control testing, the red flag approach should be called educated skepticism methodology. The knowledge tells the auditor that the observable event has been linked to prior financial statement frauds. Thereby, the knowledge would alert the auditor to the susceptibility of intentional misstatement of a financial account.

The red flag has two approaches—red flag associated with an individual journal entry or red flag associated with a general ledger account where fraudulent journal entries are oftentimes posted. The journal entry red flag is most effective for control testing, whereas the general ledger red flag is most effective for substantive testing.

In fraud data analytics, the red flag can be used to design a specific search criterion. The historical red flag approach can occur at the journal entry level or the impact on an account level. From a practical perspective, the methodology is easy to use. The following is a list of historical red flags that have occurred in previous companies in no specific order.

Historical Red Flags of Fraudulent Journal Entries:

• Movement of asset, liability, equity, revenue, or expense accounts consistent with fraud theory of overstatement or understatement. This should be called the overall red flag.
• Timing of when the entry is recorded. Entries recorded at late or early morning hours, entries recorded on a holiday.
• End‐of‐quarter or end‐of‐year entries.
• Entries recorded after closing routine journals.
• Manual entries or nonroutine entries recorded in new general ledger accounts or seldom‐used general ledger accounts.
• Entries initiated or recorded by senior financial management.
• Journal entry for which the total amount of the entry is a round amount or even amount.
• Multiple journal entries recorded on successive dates or times.
• Multiple manual entries initiated by same individual.
• Reversal entries that cause the account balance to have a material change in balance.
• Journal entry number is out of sequence with standard numbering.
• Journal entry reference contains numbers, letters, or symbols not consistent with standard identification.
• Journal entries that transfer the transaction between two operating companies, which are not considered a consolidating entry.
• Journal entry reclassifies a recorded transaction between two general ledger accounts with no logical reason for the reclassification.
• Journal entry reclassifies a transaction from the other revenue account to operating revenue.
• Journal entry reclassifies a transaction between operating expenses to nonoperating expense account.
• Revenue entry having other side of entry having debits or credits to unusual accounts.

Historical Red Flags of General Ledger Accounts Containing Fraudulent Journal Entries:

• Account without entries from a source journal.
• Account used solely for period‐end adjustments.
• Account used for solely for reserves.
• Account for intercompany transactions.
• Account adjusted to a zero balance.
• Account where the reversal entry causes a zero balance account to have a material balance.
• Account with a significant year‐end change.
• Account not reconciled on a timely basis.
• Account where the opposite side of the entry is nonstandard or unusual by the nature of the entry.
• Account where the net movement of the account balance is consistent with fraud theory.
• New general ledger account numbers containing only journal entries.
• Account having an unusual activity of journal entries and all journal entries are below the control threshold.

Approach Four: The Absence of a Journal Entry

Journal entry testing by its nature indicates that we are selecting journal entries for either control testing or substantive testing. However, many high‐profile financial statement frauds occurred because an entry was not posted. The following two situations will illustrate the concept. I have intentionally not identified the company.

The business plan for a corporation in the retail industry called for expansion and building of new retail locations. The accounting practice was to record all costs associated with inspecting new sites into property, plant, and equipment ledger directly from the purchases journal. When a decision was made not to build at the site, a journal entry transferring the costs from an asset account to an operating expense account was never recorded. The absence of a journal entry overstated operating net income.

A corporation in the business of renting home furnishings and office furniture intentionally did not write off any assets held for rental that were damaged or stolen by the renter. When the results of the physical inventory internal control revealed that rental furnishings were destroyed or missing, senior management instructed staff not to record a journal entry recognizing the write‐off of the rental assets. The absence of a journal entry overstated operating net income.

The absence of an entry requires the fraud auditor to understand the company's business and the accounting practices for the specific general ledger account. The fraud data analytics then targets the specific accounts, searching for accounts where there is an absence of journal entry when a journal entry would be expected.

Approach Five: The Timing of the Journal Entry

One of the problems in falsifying the financial statements is that financial management does not know how much to misstate the financial account until the source journals are recorded. At that point, financial management knows what is necessary to meet their numbers. However, after the financial statements are issued, the process of falsifying the statements starts over. The strategies for timing analysis are:

• Journal entries posted after all source journals are posted.
• Journal entries' proximity to the opinion date.
• Reversal entries.

Approach Six: The Alpha Description Describing the Purpose of the Journal Entry

Each journal entry has a written description explaining the purpose of the journal entry. Similar to the word searching approach used in FCPA audits, the fraud data analytics could search the description field for anomalies or keywords. The fraud theory is that journal entries that are created with an evil motive are more likely to be brief or vague.

The first step is to understand the business practices of the accounting department in writing the journal entry description. Is the business practice to write a brief or verbose description in the description field?

The second step is to perform an alpha count on the description field to determine the average number of alpha positions in the description field. Using the alpha count, the fraud data analytics creates a file of journal entries that contain less than the average number of alpha positions. The second step is to summarize the journal entries by a logical grouping, such as by person, by timing, or by account. The sample selection can either be journal entries that contain less than x number of alpha positions or through the data interpretation strategy using the auditor's business knowledge and the listing of historical red flags.

Another approach is to search on keywords in journal entry description field. Once again, the auditor needs to understand the normal accounting practices for the description field. The approach can focus on either common words such as estimate or estimation or specific words such as correct or fix.

Approach Seven: The Why Approach

The focus of the why approach is to study journal entries that occur for a specific purpose and correlate to a specific category of accounts. As stated in the anomaly testing, an anomaly is a deviation from the norm. So, the first step is to create a common grouping of journal entries over a period of time. I would encourage you to use a complete accounting cycle. To illustrate the concept, we will use accrued revenue. Let's further assume the general ledger has multiple accounts associated with accrued revenue. The fraud data analytics would create a summary of the journal entries impacting only those accounts. The last decision is whether to use the balance sheet account or the revenue account. I would encourage the use of the balance sheet account. The analysis should further segregate reversals of the prior month from the entry that created the accrued revenue. The summary is by the person recording the entry or by a logical grouping of accounts:

• By person recording the journal entry, providing dollar and frequency summary data.
• By each account associated with accrued revenue, providing dollar and frequency summary data.

Approach Eight: Concealing the Theft of Assets

In my experience, when financial management is involved in asset misappropriation schemes, they understand that the theft has an impact on the bottom line. They also understand the financial audit process. The predictability of the audit process has been identified as one of the reasons for audit failure. The following red flags are common with asset misappropriation schemes:

• Reclassify posted theft transactions from the income statement to the balance sheet to hide the theft loss. In two privately held companies, the balance sheet was overstated by 75 percent. In case one, the company was audited, and in case two, the company received a review opinion.
• Net adjusting entries to “fix” a balance sheet that was purportedly unreconciled when in fact the theft losses were hidden in the account. The auditor focused on the account balance reconciliation rather than the why question.
• Convoluted journal entries that are so complex in the audit trail of the transaction that following the entry from beginning to end caused the auditor to give up. The convoluted aspect effectively concealed the technique used by the controller to commit the asset misappropriation scheme. In this scheme, the controller misappropriated $1.4 million.
• The write‐off of an asset from the balance sheet to an illogical account where the write‐off is not visible. The inventory was written off to marketing‐related expenses. The journal entry description indicated sales promotions.
• Layering the theft through small‐dollar entries affecting many accounts, effectively using the lack of materiality of the transactions as a concealment technique. The controller was reimbursing himself for out‐of‐pocket expenses totaling $120,000. The reimbursement was included in his net payroll. The journal entry description indicated “reimbursement of out‐of‐pocket expenses.” The expenses were spread through many operating expense accounts so that no one entry appeared to be material.